Information Security News
by Sean Gallagher
Security reporter Brian Krebs has uncovered some details about one of the people tied to the denial of service attack on his site and the fraudulent 911 call that brought armed police to Krebs' doorstep. It turns out the hacker may have delivered grief to another technology reporter not too long ago: Mat Honan. And, yes, that hacker appears to have used accounts tied to Friday's DOS attack on Ars.
Krebs connected with the operator of TwBooter (booter.tw) who told the reporter that the accounts used to launch said attacks were taken over by a hacker who goes by Phobia. (The TwBooter operator wouldn't explain how he knew, however.) Other leads Krebs uncovered pointed to a group of gamers and hackers called "Team Hype," upset by his reporting on the identity theft clearinghouse site ssndb.ru—because they, apparently, had been using information from the site to take over the Xbox Live gamertags of Microsoft employees before selling them to other players. One of the members of that group was known as Phobia.
According to Krebs' source, Phobia had been bragging to others that he was responsible for both the DOS attack on Krebs' site and the call that brought armed police to his house. But Phobia, who had until recently used the Twitter account @PhobiaTheGod, had his personal details exposed as well. He had been "doxed" on the site Skidpaste.org. So Krebs decided to use that information to give Phobia a call.
Infosec boffins meet to plan nuke plant hack response
Stuxnet gave the world a graphic demonstration of just how high the stakes can be when malware hits machinery. This week, the world is starting to plan a response to an even scarier incident, in which an online attack is aimed at a working nuclear or ...
by Sean Gallagher
Last week, Security Editor Dan Goodin posted a story about the "swatting" of security reporter Brian Krebs and the denial of service attack on Krebs' site. Soon after, Ars was targeted by at least one of the individuals behind the Krebs attack. On Friday, at about noon Eastern Daylight Time, a denial of service attack struck our site, making connectivity to Ars problematic for a little less than two hours.
The attack continued to run throughout Friday. At 9pm EDT, when our hosting provider brought down one of the filters that had been put in place to thwart it, it quickly became apparent that the attack was still underway, and the filter was restored. The most aggressive filters were finally removed on Saturday.
At least in part, the offensive used the same attack tool and user credentials that were involved in the denial-of-service (DoS) attack on Krebs On Security, as Krebs himself revealed in a blog post. The attackers used multiple accounts on TwBooter, a "booter" site that provides denial of service attacks as a paid service (ostensibly for security testing purposes), to launch an automated denial of service attack on Ars. And at least one of those logins was also used to attack Krebs' site.
More than 40 million people could be affected by a vulnerability researchers uncovered in EA's Origin online game platform allowing attackers to remotely execute malicious code on players' computers.
The attack, demonstrated on Friday at the Black Hat security conference in Amsterdam, takes just seconds to execute. In some cases, it requires no interaction by victims, researchers from Malta-based ReVuln (@revuln) told Ars. It works by manipulating the uniform resource identifiers EA's site uses to automatically start games on an end user's machine. By exploiting flaws in the Origin application available for both Macs and PCs, the technique turns EA's popular game store into an attack platform that can covertly install malware on customers' computers.
"The Origin platform allows malicious users to exploit local vulnerabilities or features by abusing the Origin URI handling mechanism," ReVuln researchers Donato Ferrante and Luigi Auriemma wrote in a paper accompanying last week's demonstration. "In other words, an attacker can craft a malicious Internet link to execute malicious code remotely on [a] victim's system, which has Origin installed."
Posted by InfoSec News on Mar 17 http://www.dailyherald.com/article/20130315/business/703159783/
Posted by InfoSec News on Mar 17 http://arstechnica.com/tech-policy/2013/03/feds-charge-two-men-in-plot-to-sell-hacked-subway-gift-cards-worth-40000/
Posted by InfoSec News on Mar 17 http://www.telegraphindia.com/1130316/jsp/jharkhand/story_16677875.jsp#.UUXj97I-vQY
Posted by InfoSec News on Mar 17 http://www.wbir.com/news/article/259768/2/Y-12-security-breach-detailed-by-former-contractor-in-report
Posted by InfoSec News on Mar 17 http://www.wired.com/threatlevel/2013/03/hackers-game-casino/